Required Firewall Ports and Communication Matrix Between Primary and DR Sites for Exchange Server 2019

Question

Hi everyone,

I'm working on a Disaster Recovery (DR) setup for Exchange Server 2019 CU14. In the primary site, we have three Mailbox servers (part of a single DAG) running on VMware. The DR site is still under development, hosted at a separate location , and currently has only one Domain Controller live. We are planning to extend the DAG to include servers in the DR site.

There is network connectivity between the primary and DR sites. Our failover target is automatic. To finalize the design, we need to configure the firewall between the two sites, and I'm looking for the required ports and a communication matrix for:

Exchange-to-Exchange (Primary <-> DR DAG members)

Exchange-to-Domain Controller (Primary <-> DR DC)

1. Client Access / Load Balancer connectivity if applicable

Could someone please share the official list of required ports or a recommended communication matrix between primary and DR Exchange environments?

Thanks in advance!

Answer 1

Hi Ahmed Essam,

Thank you for posting your question in the Microsoft Q&A forum.

In general, it’s not supported to restrict or alter network traffic between internal Exchange servers, or between internal Exchange servers and DCs in any and all types of topologies.

Microsoft does not suggest having any network or port limitation for Exchange servers and DCs.

Here is the article for your reference:

Network ports for clients and mail flow in Exchange | Microsoft Learn 

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.